|
Posted by Ansgar -59cobalt- Wiechers on November 13, 2006, 11:54 am
If you were Registered and logged in, you could reply and use other advanced thread options > I've got this firewall configuration on a suse 10.1 distribution:
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
>
> iptables -t nat -A POSTROUTING -o dsl1 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Lan is working correctly.
>
> The problem is that my lan computers behind this firewall can't open
> certain web sites, but other sites are correctly browsed.
> I can't understand the cause even because policies are dropping
> nothing.
You are probably experiencing fragmentation problems. This usually
happens when you're on a DSL uplink, some router between your host and
the server requests packet fragmentation (by sending back the respective
ICMP message), and the message gets dropped somewhere en-route, because
some idiot admin blocks ICMP.
Try this:
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN \
-o dsl1 -j TCPMSS --clamp-mss-to-pmtu
Besides, you do *not* have a firewall here, because you allow each and
every traffic between the networks connected by this router.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
| 
XML site map